CA Service Desk

⚠️

Important

You must purchase this integration separately for both your Remote Support software and your CA Service Desk solution. For more information, contact BeyondTrust's Sales team.

Service desks and customer support organizations using CA Service Desk can integrate with BeyondTrust to improve service levels, centralize support processes, and strengthen compliance. This document describes the installation and configuration of the BeyondTrust Remote Support integration with CA Service Desk.

The integration between CA Service Desk and BeyondTrust Remote Support enables you to initiate a request for a support session from within your support portal as an analyst or employee, providing secure remote support capabilities for your end user community. Additionally, all aspects of the remote support session can be captured directly within your CA Service Desk support ticket, offering information to the analyst and end user in order to properly diagnose, troubleshoot, and resolve user issues.

Prerequisites

To complete this integration, please ensure that you have the necessary software installed and configured as indicated in this guide, accounting for any network considerations.

Applicable versions

• BeyondTrust Remote Support: 19.2 and later
• CA Service Desk: 17.x (plus any associated cumulative patches and test fixes)

Network considerations

The following network communication channels must be open for the integration to work properly:

Prerequisite installation and configuration

The CA Service Desk integration is a BeyondTrust Middleware Engine plugin.

ℹ️

Note

For more information on installing and working with the BeyondTrust Middleware Engine, see the Middleware Engine Guide.

Configure CA Service Desk

⚠️

Important

Before beginning the installation, please ensure you have backed up your CA Service Desk primary and secondary servers.

Create new tables

1. Open the Web Screen Painter and log in as an administrator.
2. From within the Web Screen Painter, open Tools > Schema Designer.
3. Select Add Table, and create a table named z_bomgar_session.
4. Click OK.
5. The table info should now be displayed. Fill in the form with the following information:
   • Name: z_bomgar_session
   • Display Name: BeyondTrust Session
   • Schema Name: z_bomgar_session
   • Description: Fac_Attr_Entry z_bomgar_session
   • Default Display Field: bgr_session_id
   • Foreign Key Field: id
6. Click Save.
7. After creating and saving the table with the required basic information, click Add Column to add the following columns to the table:

8. Once all columns have been created, select File > Save and Publish. When prompted to continue, click Yes.
9. Once again, select Add Table, and create a table named zbgr_connection_type.
10. Click OK.
11. The table info should now be displayed. Fill in the form with the following information:
    • Name: zbgr_connection_type
    • Display Name: BeyondTrust Connection Type
    • Schema Name: zbgr_connection_type
    • Description: Fac_Attr_Entry zbgr_connection_type
    • Default Display Field: connection_name
    • Foreign Key Field: id
12. Click Save.
13. After creating and saving the table with the required basic information, click Add Column to add the following columns to the table:

14. Once all columns have been created, select File > Save and Publish. When prompted to continue, click Yes.
15. Navigate to the nr table within Schema Designer.
16. Select Add Column and add the following fields to this table:

17. Once all columns have been created, select File > Save and Publish. When prompted to continue, click Yes.
18. Ensure all users are out of the system, and then shut down CA Service Desk services on all servers.
19. Open an administrive command prompt window and run the command pdm_publish.

Implement web customizations

1. If not already stopped, stop CA Service Desk services.
2. Browse to the directory where CA Service Desk is installed (e.g., C:\Program Files (x86)\CA\Service Desk Manager).
3. Copy the components package (CA_Service_Management_Integration_Components.zip) to the primary server and extract the contents to \patches.

ℹ️

Note

The patches folder is not created during CA Service Desk installation and may need to be manually created.

1. Locate detail_in.htmpl in .\patches\CA_Service_Management_Integration_Components\CA_ServiceDesk_FrontEnd_Code\site\mods\www\htmpl\web\analyst and open the file in a text editor such as Notepad.
2. Open detail_in.htmpl in .\site\mods\www\htmpl\web\analyst in a text editor.

ℹ️

Note

If you have not previously customized your Analyst Incident interface, you will not find a detail_in.htmpl file located in .\site\mods\www\htmpl\web\analysts. In this case, you need to copy the detail_in.htmpl file from .\bopcfg\www\htmpl\web\analyst to .site\mods\www\htmpl\web\analyst.

1. Within the first file, from the patches folder, there are six code snippets that must be copied to the corresponding location in the second file. These snippets are surrounded by lines which read <!-- Integral Customization -- Start --> and <!-- Integral Customization -- End -->. Copy the code between those lines and paste them in the same locations in the second file.

ℹ️

Note

Do NOT copy the "Start" and "End" lines.

1. Save the file when complete.

⚠️

Important

If you have multiple Analyst type form groups, make sure to apply the changes to each detail_in.htmpl form located in each respective Analyst type form group. An Analyst type form group is any sub-folder underneath .\site\mods\www\htmpl\web\analyst.

1. Copy the following files from .\patches\CA_Service_Management_Integration_Components\CA_ServiceDesk_FrontEnd_Code\site\mods\www\htmpl\web\analyst to .\site\mods\www\htmpl\web\analyst:
   • detail_z_bomgar_session.htmpl
   • detail_zbgr_connection_type.htmpl
   • list_z_bomgar_session.htmpl
   • list_zbgr_connection_type.htmpl
2. Repeat steps 4-7 above but for cmdb_detail.htmpl in .\patches\CA_Service_Management_Integration_Components\CA_ServiceDesk_FrontEnd_Code\site\mods\www\htmpl\web\analyst as the source file and .site\mods\www\htmpl\web\employee as the destination. There should be two snippets that must be copied and placed in the destination file.
3. Repeat steps 4-7 above but for nr_cmdb_har_worx_tab.htmpl in .patches\CA_Service_Management_Integration_Components\CA_ServiceDesk_FrontEnd_Code\site\mods\www\htmpl\web\analyst as the source file and .site\mods\www\htmpl\web\employee as the destination. There should be one snippet that must be copied and placed in the destination file.
4. Repeat steps 4-7 above but for detail_in.htmpl in .\patches\CA_Service_Management_Integration_Components\CA_ServiceDesk_FrontEnd_Code\site\mods\www\htmpl\web\employee as the source file and .\site\mods\www\htmpl\web\employee as the destination. There should be three snippets that must be copied and placed in the destination file.
5. Copy start_session.js from .\patches\CA_Service_Management_Integration_Components\CA_ServiceDesk_FrontEnd_Code\site\mods\www\wwwroot\scripts.
6. Copy Bomgar.png from .\patches\CA_Service_Management_Integration_Components\CA_ServiceDesk_FrontEnd_Code\site\mods\www\wwwroot\img to .\site\mods\www\wwwroot\img.
7. Open .\ns.env in a text editor and add the following line: @NX_bomgar_HOST=<BeyondTrust_Host> where <BeyondTrust_Host> is the hostname of your BeyondTrust site (e.g., support.example.com).
8. Start the CA Service Desk Manager services.
9. Open an administraive command prompt window, change directories to .\patches\CA_Service_Management_Integration_Components\CA_ServiceDesk_FrontEnd_Code, and run the command to load data into the zbgr_connection_type table: Pdm_load -i f zbgr_connection_type.txt.
10. Verify that all files copied in this section have been copied to each primary and secondary server. Log into each primary and secondary CA Service Desk server and verify that the web changes in this section have been replicated in the following files in these locations:

*   **.\\site\\mods\\www\\htmpl\\web\\analyst**
    *   **detail\_in.htmpl**
    *   **detail\_z\_bomgar\_session.htmpl**
    *   **detail\_zbgr\_connection\_type.htmpl**
    *   **list\_z\_bomgar\_session.htmpl**
    *   **list\_zbgr\_connection\_type.htmpl**
*   **.\\site\\mods\\www\\htmpl\\web\\employee**
    *   **detail\_in.htmpl**
*   **.\\site\\mods\\www\\wwwroot\\scripts**
    *   **start\_session.js**
*   **.\\site\\mods\\www\\wwwroot\\img**
    *   **Bomgar.png**

ℹ️

Note

If any file does not exist in these locations on each primary and secondary server, copy the files from the server you made changes on to the primary/secondary servers in the above locations.

Add web UI elements

1. Log into CA Service Desk as an administrator.
2. Go to Administration > Security and Role Management > Role Management > Menu Trees.
3. Within the Menu Trees list, select admin_tree.

ℹ️

Note

If your admin tree is already customized, skip steps 4-6 and select your custom admin tree.

1. Select File > Copy.
2. Fill in the following values:
   1. Menu Tree Name: custom_admin_tree
   2. Code: cat
   3. Internal: No
   4. Description: Administration Tree
3. Fill in the following values:
   1. Menu Tree Name: custom_admin_tree
   2. Code: cat
   3. Internal: No
   4. Description: Administration Tree
4. Click Save.
5. Select Customize Menu.
6. Within ServiceDesk > Application Data > Codes, right-click Codes and click Create New Node.
7. Create a new node with the following information:
   1. Node Name: BeyondTrust Connection Type
   2. Resource: BeyondTrust Connection Type

ℹ️

Note

If you do not have a BeyondTrust Connection Type resource, follow step 11 to create one. Otherwise, skip to step 12 once you have saved the record.

1. Click Save.
2. To create a new resource, click the blue Resource link, and select the Create New button from the displayed screen. Fill in the following information to create the BeyondTrust Connection Type resource:
   • Name: BeyondTrust Connection Type
   • Description: BeyondTrust Connection Type
   • Resource: OP=SEARCH+FACTORY=zbgr_connection_type+QBE.EQ.delete_flag=0
3. Go to Administrator > Security and Role Management > Role Management > Tabs.
4. Click on Administration tab with full menu.
5. Select the Administration link from the starting page and edit the Administration Web Form.
6. Modify the Resource section to add the following to the end of the existing value: +KEEP.tree_code=cat.
7. Restart the CA Service Desk services.

Configure Remote Support

Several configuration changes are necessary on the BeyondTrust Appliance B Series to integrate with CA Service Desk. You must make these changes on each appliance for which you intend to create a plugin configuration.

All of the steps in this section take place in the BeyondTrust /login administrative interface. Access your Remote Support interface by going to the hostname of your B Series Appliance followed by /login (e.g., https://support.example.com/login).

Verify the API Is enabled

This integration requires the BeyondTrust XML API to be enabled. This feature is used by the BeyondTrust Middleware Engine to communicate with the BeyondTrust APIs.

Go to /login > Management > API Configuration and verify that Enable XML API is checked.

Create an OAuth API account

The CA Service Desk API account is used from within CA Service Desk to make Remote Support Command API calls to Remote Support.

1. In /login, navigate to Management > API Configuration.
2. Click Add.
3. Check Enabled.
4. Enter a name for the account.
5. OAuth Client ID and OAuth Client Secret is used during the OAuth configuration step in CA Service Desk.
6. Under Permissions, check the following:
   • Command API: Full Access.
   • Reporting API: Allow Access to Support Session Reports and Recordings, and Allow Access to Presentation Session Reports and Recordings.
7. Click Save at the top of the page to create the account.

Add an outbound event URL

1. Go to /login > Management > Outbound Events.
2. In the HTTP Recipients section, click Add and name it Integration or something similar.
3. Enter the URL to use:
   • If using an appliance ID of default: http://:/ERSPost. The default port is 8180.
   • If using an appliance ID other than default: http://:/ERSPost?appliance= where is the hostname where the BeyondTrust Middleware Engine is installed. The default port is 8180. The is an arbitrary name, but note the value used, as it is entered later in the plugin configuration. This name accepts only alphanumeric values, periods, and underscores.
4. Scroll to Events to Send and check the following events:
   • Support Session End
   • Customer Exit Survey is Completed
   • Representative Survey is Completed
   • Someone Joins a Support Session (Optional)
5. Click Save.

The list of outbound events contains the event just added. The Status column displays a value of OK if communication is working. If communication is not working, the Status column displays an error which you can use to repair communication.

Configure the CA Service Desk plugin

Now that you have configured CA Service Desk and the BeyondTrust Appliance B Series, deploy and configure the CA Service Desk plugin.

1. Copy the provided plugin ZIP file to the server hosting the BeyondTrust Middleware Engine.

2. Extract the plugin ZIP file to the Plugins folder in the directory where the BeyondTrust Middleware Engine is installed.

3. Restart the BeyondTrust Middleware Engine Windows service.

4. From the server, launch the middleware administration tool. The default URL is http://127.0.0.1:53231.

5. The CA Service Desk Plugin shows in the list of plugins. Click the clipboard icon to add a new configuration.

ℹ️

Note

For more information on installing and working with the BeyondTrust Middleware Engine, see the Middleware Engine Guide.

BeyondTrust Appliance B Series

The first portion of the plugin configuration provides the necessary settings for communication between the plugin and the B Series Appliance. The configuration sections include:

1. Plugin Configuration Name: Any desired value. Because multiple configurations can be created for a single plugin, allowing different environments to be targeted, provide a descriptive name to indicate how this plugin is to be used.
2. Appliance Id: This can be left as Default or can be given a custom name. This value must match the value configured on the outbound event URL in the B Series Appliance. If outbound events are not being used, this value is still required, but any value may be used.
3. BeyondTrust Appliance B Series Host Name: The hostname of the B Series Appliance. Do not include https:// or other URL elements.
4. BeyondTrust Integration API OAuth Client ID: The client ID of the OAuth account.
5. BeyondTrust Integration API OAuth Client Secret: The client secret of the OAuth account.
6. Locale Used for BeyondTrust API Calls: This value directs the B Series Appliance to return session data in the specified language.
7. Disabled: Enable or disable this plugin configuration.
8. Allow Invalid Certificates: Leave unchecked unless there is a specific need to allow. If enabled, invalid SSL certificates are allowed in calls performed by the plugin. This would allow, for example, self-signed certificates. We do not recommend this in production environments.
9. Use Non-TLS Connections: Leave unchecked unless it is the specific goal to use non-secure connections to the B Series Appliance. If checked, TLS communication is disabled altogether. If non-TLS connections are allowed, HTTP access must be enabled on the BeyondTrust /login > Management > API Configuration page. We strongly discourage using non-secure connections.

ℹ️

Note

When using OAuth authentication, TLS cannot be disabled.

1. Outbound Events Types: Specify which events the plugin processes when received by the middleware engine. Keep in mind that any event types selected here must also be configured to be sent in BeyondTrust. The Middleware Engine receives any events configured to be sent in BeyondTrust but passes them off to the plugin only if the corresponding event type is selected in this section.
   • Support Session End
   • Customer Exit Survey is Completed
   • Representative Survey is Completed
2. Polling Event Types: If network constraints limit connectivity between the B Series Appliance and the middleware engine such that outbound events cannot be used, an alternative is to use polling. The middleware engine regularly polls the B Series Appliance for any sessions that have ended since the last session was processed. At this time, only the Support Session End event type is supported.

ℹ️

Note

One caveat to polling behavior versus the use of outbound events is that if a session has ended but the customer exit survey has not yet been submitted within the same polling interval, the customer exit survey is not processed. This does not apply to representative surveys since the session is not considered to be complete if a representative survey is still pending.

1. Polling Interval: Enter only if polling is used. This determines how often the middleware engine polls the B Series Appliance for sessions that have ended.
2. Retry Attempt Limit: Enter the number of retries that can be attempted if the plugin fails to process an event.
3. Retry Outbound Event Types: Specify which outbound events the plugin retries if it fails to process an event.
4. Retry Polling Event Types: Specify which polling events the plugin retries if it fails to process an event.

CA Service Desk instance

The remainder of the plugin configuration provides the necessary settings for communication between the plugin and the CA Service Desk instance. The configuration settings include:

1. CA Service Desk Services URL: The services URL for the CA Service Desk instance (e.g., https://caservicedesk.example.com/axis/services/USD\_R11\_WebService)
2. CA Service Desk Username: The username of the API account.
3. CA Service Desk Password: The password of the above user.
4. Enable Automatic Incident Creation on Session Start (Rep joins session): If checked, the plugin processes support_conference_member_added events and the external key to determine whether to create a ticket within CA Service Desk or not. The plugin attempts to create the ticket only if this setting enabled, if the conference member joining the conference is a representative, and if the external key is either a JSON string or the literal value CHAT.
5. Enable Automatic Incident Creation on Session End: If checked, the plugin processes support_conference_end events as usual but also examines the external key to determine whether to create a ticket within CA Service Desk or not. The plugin attempts to create the ticket only if this setting is enabled and if the external key is empty, is a JSON string, or is the literal value CHAT. If the external key is any other value, it is assumed to be a valid ticket ID, and the session is processed as usual (i.e., no ticket is created).
6. Ticket Default Data: A JSON string containing values that can be used to prepopulate certain fields on the newly created ticket.

After saving the configuration, click the test icon next to the new plugin configuration. No restart is needed.

Report templates

On the BeyondTrust Middleware Engine server, in the \Plugins\\Templates folder, there are multiple files ending with *.hbs. These are Handlebars template files. These files are used by the plugin to format the session report and exit surveys that are added to the corresponding ticket each time a BeyondTrust session ends or each time a survey is submitted. The templates can be edited if desired.

ℹ️

Note

If you are editing a template, we recommend copying and saving the original in case the changes need to be reverted.

For more information, see the Handlebars website.

Use cases

Generate session key

Support staff can generate a session key that can be given to the end user over the phone or via email to initiate a support session that is automatically associated with the selected ticket.

Import BeyondTrust session data into ticket

Once the session ends, the ticket is automatically updated with information gathered during the session, including:

• Chat Transcript (including files transferred, special actions, and other events)
• System Information (the General section plus other select details such as disk, memory, and network)
• Session Notes
• Surveys (customer and representative)

Jump to configuration item

Support staff can leverage BeyondTrust Jump Technology to access a configuration item associated with a ticket directly from the Service Desk ticket. The following Jump types are available:

• Jump Client (Pinned Client)
• Local Jump (Push and Start Local)
• Remote Jump (Push and Start Remote)
• Remote Desktop Protocol (RDP)
• Shell Jump (Remote Console)

Click-to-chat for self service users

Self Service users can open their submitted tickets and start a chat support session directly from the Service Desk ticket. This allows the user the quickest path to resolution while also providing the representative with the necessary context to assist the user. Sessions can be elevated to full support sessions if enabled and when necessary.

Auto-ticket creation

For previously unreported issues or questions, the end user can submit some basic information and immediately begin a support session. Meanwhile, the integration takes the submitted information from the session and creates a new Service Desk ticket. This saves time and unnecessary steps for the end user and support staff.